Open shammancer opened 3 months ago
Hello,
I'm playing around with a custom kernel and trying out safesetid, and I'm unable to configure the safesetid LSM when SELinux is in enforcing mode.
Fedora Release
$ cat /etc/redhat-release
Fedora release 39 (Thirty Nine)
Policy packages:
$ dnf list --installed | grep selinux-policy
selinux-policy.noarch 39.5-1.fc39 @updates
selinux-policy-targeted.noarch 39.5-1.fc39 @updates
Reproducer command:
sudo bash -c "echo \"1001:1002\" > /sys/kernel/security/safesetid/uid_allowlist_policy"
Audit Message:
Mar 22 12:28:30 lfd441-fedora39-uefi audit[1201]: AVC avc: denied { mac_admin } for pid=1201 comm="bash" capability=33 context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=capability2 permissive=0